kopia lustrzana https://github.com/OpenDroneMap/ODM
Update LD_LIBRARY_PATH in snapcraft.yaml
This fixes CVE-2020-27348 where snapcraft/snapd don't set an LD_LIBRARY_PATH upon invoking a snap so including `:$LD_LIBRARY_PATH` at the end of our custom setting we were causing an empty entry to be appended. This causes the ability for someone to potentially load an arbitrary library into our runtime because the empty entry in the search path means the dynamic linker will search the "current working directory" of where the app was launched from outside of confinement. We also include the SuperBuild `lib` directory in the search path.pull/1527/head
rodzic
07fcf73a88
commit
c6508b3f8b
|
@ -200,7 +200,7 @@ apps:
|
|||
command: odm/run.sh
|
||||
environment:
|
||||
# Ensure libraries are found
|
||||
LD_LIBRARY_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/blas:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/lapack:$LD_LIBRARY_PATH
|
||||
LD_LIBRARY_PATH: $SNAP/odm/SuperBuild/install/lib:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/blas:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/lapack
|
||||
PYTHONPATH: $SNAP/odm/SuperBuild/install:$SNAP/lib/python3.8/site-packages:$SNAP/usr/lib/python3/dist-packages/:$SNAP/usr/lib/python3.8
|
||||
plugs:
|
||||
- home
|
||||
|
|
Ładowanie…
Reference in New Issue